update request validator to remove port numbers from https urls (twilio#394)

Brodan · codejudas · commit 9f3a32f29e1b · 2017-10-20T11:25:19.000-07:00
* update request validator to remove port numbers from https urls

* fix typo
diff --git a/tests/unit/test_request_validator.py b/tests/unit/test_request_validator.py
@@ -41,7 +41,7 @@ def setUp(self):
             "ToCountry": "US",
             "ToState": "CA",
             "ToZip": "94612",
-            }
+        }
 
     def test_compute_signature_bytecode(self):
         expected = b("fF+xx6dTinOaCdZ0aIeNkHr/ZAA=")
@@ -60,3 +60,8 @@ def test_compute_signature_unicode(self):
     def test_validation(self):
         expected = "fF+xx6dTinOaCdZ0aIeNkHr/ZAA="
         assert_true(self.validator.validate(self.uri, self.params, expected))
+
+    def test_validation_removes_port_on_https(self):
+        self.uri = "https://www.postbin.org:1234/1ed898x"
+        expected = "Y7MeICc5ECftd1G11Fc8qoxAn0A="
+        assert_true(self.validator.validate(self.uri, self.params, expected))
diff --git a/twilio/request_validator.py b/twilio/request_validator.py
@@ -4,7 +4,7 @@
 
 from six import PY3
 
-from twilio.compat import izip
+from twilio.compat import izip, urlparse
 
 
 def compare(string1, string2):
@@ -24,6 +24,19 @@ def compare(string1, string2):
     return result
 
 
+def remove_port(uri):
+    """Remove the port number from a URI
+
+    :param uri: full URI that Twilio requested on your server
+
+    :returns: full URI without a port number
+    :rtype: str
+    """
+    new_netloc = uri.netloc.split(':')[0]
+    new_uri = uri._replace(netloc=new_netloc)
+    return new_uri.geturl()
+
+
 class RequestValidator(object):
 
     def __init__(self, token):
@@ -60,4 +73,7 @@ def validate(self, uri, params, signature):
 
         :returns: True if the request passes validation, False if not
         """
+        parsed_uri = urlparse(uri)
+        if parsed_uri.scheme == "https" and parsed_uri.port:
+            uri = remove_port(parsed_uri)
         return compare(self.compute_signature(uri, params), signature)
